Introduction

We are pleased to table the Annual Report to Parliament on the administration of the Privacy Act for fiscal year 2010-2011, as required under subsections 72(1) and 72(2).

Purpose of the Privacy Act

The Privacy Act provides Canadian citizens and individuals present in Canada the right to seek access to their personal information that is held by the federal government. It also governs the collection, use, disclosure, retention and disposal of personal information.

Departmental Mandate

On behalf of the Government of Canada, the Department of Foreign Affairs and International Trade is Canada’s face and voice to the world, working to advance Canada’s political and economic interests in the international community as well as to apply Canadian experience to help address global issues.

The Department's legal mandate, as set out in the Department of Foreign Affairs and International Trade Act, RSC 1985, c. E-22, is to:

conduct all diplomatic and consular relations on behalf of Canada;

conduct all official communication between the Government of Canada and the government of any other country and between the Government of Canada and any international organization;

conduct and manage international negotiations as they relate to Canada;

coordinate Canada's economic relations;

foster the expansion of Canada's international trade;

coordinate the direction given by the Government of Canada to the heads of Canada's diplomatic and consular missions and to manage these missions;

administer the foreign service of Canada;

foster the development of international law and its application in Canada's external relations.

In addition, Passport Canada which is a Special Operating Agency of Foreign Affairs and International Trade Canada is responsible for issuing, refusing, revoking and withholding Canadian passports, in addition to administering their use and recovery. Passport Canada supervises all matters relating to Canadian travel documents and provides guidance to Canadian government offices abroad, enabling them to issue passports. Besides serving the public directly, Passport Canada also works with national and international police authorities, security agents, border officials and any federal, provincial and territorial authorities that provide identification documents.

The Minister of Foreign Affairs is also responsible for the Export and Import Permits Act, RSC 1985, c. E-19, which authorizes the government to control and monitor the transborder flow of specified goods, and for the Special Economic Measures Act, 40-41 Elizabeth II, c. 17, which authorizes the government to apply economic sanctions in response to a serious threat to international peace and security.

The Department also provides administrative support to other government departments with personnel abroad.

In 2010-2011, the Department had 13,259 Full-time Equivalents with the workforce made up of three groups. First, Canada-based rotational staff made up mainly of Foreign Service officers, in addition to administrative support employees and information technology specialists who relocate regularly between headquarters and Canada’s missions abroad. Second, non-rotational staff who work primarily at Headquarters. Third, locally-engaged staff who work at missions abroad.

The Department’s key priorities in 2010-2011

Greater economic opportunity for Canada, with a focus on growing/emerging markets

Canada’s success in building a sustainable recovery and long-term competitive strength is fundamentally linked to its engagement with the global setting. It is for that reason that the pursuit of economic opportunity remains DFAIT’s leading priority. With its world-class financial and banking system, its potential to become an energy superpower, its highly skilled labour force, and its competitive corporate tax rates, Canada is well positioned to succeed in world markets and to attract foreign investment. However, there are international developments that could adversely affect Canada, such as the uneven and potentially fragile economic recovery of Canada’s major trading partners, persistent global financial imbalances, the slower-than-expected pace in concluding the World Trade Organization’s Doha Round, and the threat of protectionism in many countries. In this context, there is a premium on the effective promotion and advocacy of Canada’s economic interests. In support of the government’s national competitiveness strategy (Advantage Canada) and Economic Action Plan, DFAIT undertook the following initiatives in 2010-2011:

Through its new Integrative Trade Model initiative, DFAIT’s trade commissioners offered integrated and innovative solutions to clients, based on their needs and in line with government priorities, by leveraging the combined value of DFAIT’s commerce network and by strengthening the network’s capacity in key sectors.

DFAIT made an accelerated push to pursue economic opportunities in priority markets identified in the government’s Global Commerce Strategy. With a continuing focus on emerging markets, the department is bringing to full operation the new Canadian trade offices in India, China and Brazil.

DFAIT continued negotiation of the Comprehensive Economic and Trade Agreement with the European Union, and sought to advance or conclude free trade agreements with other partners (e.g. Korea, the 15 Caribbean nations that make up CARICOM, the Dominican Republic, and Central American nations).

DFAIT worked to brand Canada as a destination of choice for investment and to promote commercial partnerships between Canadian and international firms related to commercialization of innovation.

DFAIT pursued foreign investment promotion and protection agreements as well as science and technology partnership agreements with key countries.

DFAIT worked with its portfolio partners, Export Development Canada (EDC) and the Canadian Commercial Corporation, to ensure Canadian firms have access to competitive and innovative financial products in order to sustain their success.

The G20 summit hosted in Canada provided an invaluable opportunity to address issues such as financial reform, protectionism and other issues, as well as an occasion to showcase Canada as a business partner of advantage.

United States and the Americas

The United States remains Canada’s most important economic and security partner, with some $2 billion in goods and services crossing the border daily. Canada’s security and prosperity are inextricably linked to effective management of the relationship with the United States on a range of bilateral, regional and global economic issues. The most significant plans are as follows:

The department continues to work through Canada’s network of missions in the United States to further assist Canadian clients in accessing global value chains.

DFAIT continues collaboration with the United States, using a risk-based approach, to build a secure border that facilitates commerce and travel.

The department is also building on the agreement, reached in February 2010, which will enable Canadian companies to participate in United States infrastructure projects financed under the American Recovery and Reinvestment Act.

Canada’s engagement in the Americas is predicated on a whole-of-government approach that advances the key themes of democratic governance, prosperity and security in the region. The department continues to position Canada as a reliable supporter of democratic rule, a preferred trading partner and a key actor in addressing regional security threats. Key plans related to DFAIT’s activities in the Americas include the following actions:

DFAIT broadened cooperation with key partners and works to increase the capacity of regional institutions, like the Organization of American States (OAS), in areas such as combating crime, conflict prevention and peace operations.

DFAIT deepened Canada's involvement in international efforts to help Haiti recover and rebuild, following the January 2010 earthquake. Canada has already shown leadership in hosting the Ministerial Preparatory Conference of the Group of Friends of Haiti, which was held in Montreal in late January 2010.

Afghanistan, including in the context of neighbouring countries

The NATO-led mission remains Canada's priority. Afghanistan’s stability and development is fundamental to regional stability and to Canada’s own security. An international consensus on the way forward, led by President Obama's new strategy announced in late 2009 and the conclusions of the London Conference of January 2010, commits all sides to greater progress. The most significant plans were as follows:

Canada continued to work toward an Afghanistan that is democratic, self-sufficient and stable. One objective was to create a more secure Kandahar that is better governed and supported by a more capable national government that can deliver basic services to its citizens.

DFAIT led development and implementation of an integrated strategy for the 2011 transition of Canada’s mission in Afghanistan. This will emphasize analysis of the civilian role beyond 2011, development and diplomatic efforts to help increase the security capacity of Afghan National Security Forces, and strengthening of governance and respect for human rights.

In relation to neighbouring countries, DFAIT continues its work to strengthen international engagement on Pakistan, through the multilateral Friends of Democratic Pakistan process as well as with key allies and regional players, including China, Japan, South Korea, Australia, and India.

Asserting Canadian leadership in emerging global governance

The emergence of a multi-polar world has fundamentally challenged the capacity of conventional global governance to deal with issues of global impact. The urgent need to address challenges arising from the worldwide recession, such as the reform of global financial architecture, as well as horizontal issues such as climate change have, in part, accounted for the rising interest in, and influence of, the G20. In hosting the G8 and G20, Canada had a unique opportunity to exert influence in the search for innovative solutions to an array of global challenges. Key plans included the following:

The department provided intensive support for Canada’s hosting of the G8 and G20 summits in June, 2010, not only in ensuring efficient organization and logistics but in shaping meaningful, innovative outcomes across a range of issues.

Canada used its G8 chairmanship to support development objectives such as maternal and child health in the developing world, and to build consensus on shared challenges in peace and security.

DFAIT continued Canada’s campaign for a seat on the UN Security Council for 2011-2012.

Overall, DFAIT continued its efforts to ensure that Canada's values and interests are reflected in multilateral forums, including those of the UN, the G8 and G20, La Francophonie, and NATO as well as regional organizations. DFAIT delivers results related to its priorities through diplomacy and advocacy, bilaterally and multilaterally. Canada’s efforts to improve human rights, democratic governance, and corporate social responsibility around the world serve to protect Canadians and their interests at home and abroad.

With regard to the Arctic, a region of growing global interest in terms of commerce, resources and transportation, DFAIT continued to develop and promote Canada’s Arctic Foreign Policy—the international dimension of the Government of Canada’s Northern Strategy. The department worked bilaterally with other Arctic partners, within the Arctic Council, with the five Arctic coastal states and in other multilateral forums to assert Canada’s Arctic sovereignty and to promote collaboration on issues of environment, economic and social development, and governance.

Transforming the Department

The rapidly changing nature of the international environment has required the department to undertake comprehensive actions to modernize all aspects of its operations. DFAIT must ensure that it is as agile and responsive as possible in order to be able to address the risks and to take advantage of the opportunities generated by new global realities. It is against this backdrop that a comprehensive transformation agenda to modernize the department was launched in 2008, an effort that continued in 2010-2011.

DFAIT continued improvements to its governance structure, to its delivery of commercial, consular, and passport services, and to its management of Canada’s mission network on behalf of the entire government.

In line with its Integrated Trade Model initiative, DFAIT started to create trade commissioner positions within up to 10 national industry associations across Canada to begin development of global strategies for key sectors. This initiative reflects DFAIT’s commitment to deepen its partnership with the private sector in helping to increase the global competitiveness of Canadian businesses.

DFAIT continued its ambitious reallocation of its human resources abroad, which began in 2007-2008. By end of 2011-2012, a total of 400 positions will have been moved to missions in priority countries and emerging markets as well as to regional offices across Canada. At the same time, the number of headquarters positions will be reduced by 400.

This shift includes reallocation of some positions to DFAIT’s Regional Services Centre for Europe, the Middle East, and Africa, which was launched in fall 2009 for the purpose of improving operational agility and client service. Over the planning period, DFAIT designed and started to implement two more of these centres, for the Americas and the United States respectively.

In renewing its business model, DFAIT aimed for greater economy and effectiveness, while strengthening its policy and program delivery capacity.

Finally, it made ongoing improvements to its human resources and financial management, and increased its accountability.

Delegated Authorities

Under Section 73 the Act, the Minister’s authority is delegated to enable the Department to meet its legislated requirements as well as exercise its powers. Since October 2009 responsibility for all sections of the Act was delegated to the Deputy Ministers, to the Corporate Secretary, to the Director of the Access to Information and Privacy Protection Division, to the Deputy Directors of the ATIP Office, as well as to Heads of Mission but only as it relates to disclosure under section 8(2)(m) of the Privacy Act. (See Annex A)

In addition, Passport Canada as a special operating agency obtained its own ATIP delegated authority to respond to requests under both the Access to Information Act and Privacy Act as they relate to its passport records. This delegation came into effect on April 1, 2011. For reporting purposes, however, the DFAIT ATIP Office will continue to include PPTC in its annual reports to Parliament as well as for TBS statistical reports.

Organizational Structure

The Access to Information and Privacy Protection Division (ATIP Office) is responsible for the administration of the ATIA, including the processing of requests and consultations. The Director of the ATIP Office reports to the Corporate Secretary, who in turn reports to the Associate Deputy Minister of Foreign Affairs.

In 2010-2011, with the addition of 10 new full-time equivalents, the division had four teams of processing Analysts reporting to two Deputy Directors. In addition, the Backlog Team, comprised mainly of consultants and support staff, reported directly to the division’s third Deputy Director. The Deputy Directors, the Manager of Business Practices and Systems, as well as the Policy & Governance team reported to the Director (see Figure 1).

Figure 1: ATIP Office Organizational Structure

More recent changes to the ATIP Office’s capacity (53 full-time equivalents) and structure, including new fast-track Consultation team and an Intake Unit, will be reported in the next Annual Report to Parliament in 2011-2012.

Ongoing Challenges

The graph in Figure 2 represents the ever increasing number of requests (all types) received by DFAIT under both Acts. During this reporting period, DFAIT (including Passport Canada) received a total of four thousand, one hundred and sixty-three requests (4,163), that totalled two hundred and forty-seven thousand, seven hundred and thirty-eight (247,738) pages. This represents an increase of 24% over last fiscal year. The types of requests that faced growth were Access to Information Act requests, consultations under both Acts from other government departments as well as requests under the Privacy Act primarily to Passport Canada from investigative bodies.

Figure 2: Number of ATIP Requests Received per Fiscal Year

Given its mandate and various responsibilities at the international level, DFAIT plays a key consultation role under the Access to Information Act and the Privacy Act on behalf of other government departments (OGDs).

Other ongoing challenges include:

The level of complexity and sensitivity of ATIP requests facing DFAIT as well as parallel litigation.

DFAIT’s unique responsibilities under both Acts on behalf of other government departments (OGDs) and related TBS policies. DFAIT consults with foreign organizations for OGDs that are processing requests for records originating from abroad. In fact, like in previous reporting periods, DFAIT received even more requests for ATI consultations from OGDs (1,049) than ATI requests for access to records under its control (798). This important role continues to put another heavy burden on the ATIP Division’s resources.

There is a limited pool of experienced ATIP analysts across the federal ATIP community and there are substantial time and cost implications for the Department to “grow its own” ATIP analysts.

There are significant information management and information technology (IM/IT) challenges within DFAIT, which continue to be examined for e-solutions.

Key Considerations

Since 1998, DFAIT’s performance under the Access to Information Act has been scrutinized closely by the Office of the Information Commissioner (OIC) due to poor departmental compliance with the Act’s prescribed time limits. As well, improved compliance and commitment to these legislative responsibilities has been identified as a Government of Canada priority, reflected in the following instruments:

Federal Accountability Act. Commitment to openness, transparency and accountability of its program activities as it relates to the obligations under the Access to Information Act and the Privacy Act.

Management Accountability Framework (MAF). Effectiveness of Information Management Indicator (number 12) is: “Governance and management of information and records in a manner that supports the outcome of programs and services, operational needs and accountabilities, and the administration of the Privacy and Access to Information Acts.”

TBS policies on Access to Information and Privacy speak of the “quasi-constitutional” role played by ATIP and the importance of compliance to government accountability and the democratic process.

TBS Privacy Impact Assessment Policy was introduced in May 2002 and DFAIT had to establish the required resources to ensure its compliance. In addition, as a result of TBS’ 2005 Management of Information Technology Security (MITS) requirements, DFAIT must ensure the security of information and information technology (IT) assets which includes the requirement to prepare Privacy Impact Assessments for most of its systems.

Services for Canadians comprise one of three strategic outcomes under the Department’s Program Activity Architecture (PAA). ATIP is one of the key services provided to the general public in Canada by the Department, and better service requires improved compliance with the relevant Acts. Furthermore, given the additional function of the departmental ATIP office of consulting foreign governments on the release of information originating with them, there is a major component of ATIP implementation that includes managing our international relationships and ensuring partners that their information is managed appropriately.

Improving compliance with the Access to Information Act and the Privacy Act continued to be a departmental priority, especially in light of a growing backlog related to requests for information related to the Government’s key international priorities such as Afghanistan. So much so that, while financial restraints faced DFAIT in 2010-2011, the ATIP Office was nonetheless able to build additional capacity with the injection of $2.7M in new ATIP funding in June 2010.

Administration of Requests

The following section explains in more detail the TBS statistical report as provided in Annex B.

Privacy Requests

Between April 1, 2010 and March 31, 2011, the Department received three hundred and twenty (320) requests for personal information under the Privacy Act. Along with those new requests, forty -six (46) requests were carried over from the previous fiscal year, for a total of three-hundred and sixty-six (366) requests. During the reporting period, three hundred and thirty-three (333) requests were completed and thirty-three (33) still active files were carried over to the next reporting period.

Disposition of Completed Requests

Figure 3: Disposition of Completed Requests

Requests

Number of Requests

All disclosed

32

Disclosed in part

217

Nothing disclosed (excluded)

0

Nothing disclosed (exempted)

1

Unable to process

41

Abandonded by applicant

29

Transferred

13

Total

333

Exemptions and Exclusions

The exemption most commonly used by the Department during the period was section 26 [Information about another individual] of the Privacy Act. It was invoked in two hundred and eleven (211) requests. The Department applied exclusions under sub-section 70(1) [confidences of cabinet] five (5) times during this reporting period.

Extensions

During the reporting period, the Department claimed extensions pursuant to paragraphs 15(a)(i) and 15(a)(ii): 22 and 13 times, respectively.

Consultations Received from Other Institutions

When a request contains records that are of a greater interest to another institution, the Access to Information and Privacy Coordinator of that institution is consulted. Between April 1, 2010 and March 31, 2011, the Department received one hundred and one (101) consultations under the Privacy Act from other federal government institutions.

During the reporting period, one hundred and twenty-six (126) consultations were completed under the Privacy Act representing three thousand, five-hundred and two (3,502) pages.

Consultations with Other Institutions

Figure 4: Consultations with Other Institutions

Requests

Number of Requests

Other Federal Governments

80

Privy Council Office (Cabinet Confidences)

5

Provincial Institutions or Municipalities

2

Foreign Governments or Institutions of States

14

Total

101

Disclosure of Personal Information

Subsection 8(1) of the Privacy Act states that “personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.”

Subsection 8(2) of the Privacy Act states that “personal information under the control of a government institution may be disclosed” under certain specific circumstances (see Figure 5).

Figure 5: Disclosure of Personal Information Pursuant to s. 8(2)

Paragraph 8(2)(b)

Personal information may be disclosed “for any purpose in accordance with any Act of Parliament or any regulation made there under that authorizes its disclosure.”

Under this paragraph of the Privacy Act, eight (8) requests were received and treated.

Paragraph 8(2)(c)

Personal information may be disclosed “for the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information.”

Under this paragraph of the Privacy Act, one (1) request was received and treated.

Paragraph 8(2)(d)

Personal information may be disclosed “to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada.”

Under this paragraph of the Privacy Act, two (2) request was received and treated.

Paragraph 8(2)(e)

Personal information may be disclosed “to an investigative body ... for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation...”

Under this paragraph of the Privacy Act, seven hundred and forty-two (742) requests were received and treated. Most of the requests under section 8(2)(e) are received from the RCMP and CSIS who require access to passport application files. As such, the ATIP team at Passport Canada processes the bulk of these requests on behalf of DFAIT’s ATIP Office.

Paragraph 8(2)(f)

Personal information may be disclosed “under an agreement or arrangement between the Government of Canada [...] and the government of a province [or territory] [...] for the purpose of administering or enforcing any law or carrying out a lawful investigation.”

Under this paragraph of the Privacy Act, nine hundred and sixty-six (966) requests were received and treated. Most of requests under section 8(2)(f) are received from the Sûreté du Québec who requires access to passport application files. As in the case of 8(2)(e) requests, the ATIP team at Passport Canada processes the bulk of these requests on behalf of DFAIT’s ATIP Office.

Paragraph 8(2)(g)

Personal information may be disclosed “to a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem.”

The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.

Paragraph 8(2)(l)

Personal information may be disclosed “to any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada”.

The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.

Paragraph 8(2)(m)

Personal information may be disclosed “for any purpose where, in the opinion of the head of the institution,

(i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or

(ii) disclosure would clearly benefit the individual to whom the information relates.

Under this paragraph of the Privacy Act, thirty-five (35) requests were received and treated during the reporting period. Most of these requests are received under section 8(2)(m)(ii) of the Act from the Public Health Agency of Canada (PHAC) who require contact information about individuals who were identified as sitting in close proximity to a person with infectious tuberculosis for longer than eight hours on a commercial aircraft. The release is deemed necessary to notify the appropriate provincial/territorial public health authorities who will inform the individuals of the risk of having been infected with latent tuberculosis infection. DFAIT has no objection to the release of the personal information without the consent of the subject individuals since the disclosure will clearly benefit the individuals to whom the information relates. In all cases, the Privacy Commissioner’s Office was notified of the release at the same time as the disclosure to the PHAC took place due to the urgency in such matters.

Complaints and Investigations

Complaints Received and Completed

Figure 6: Complaints Received and Completed

Reason for Complaint

Number of Complaints

Delay

2

Extension

0

Fees

0

Refusal - Exemptions

0

Refusal - General

1

Miscellaneous Use and Disclosure

0

Figure 7: Findings and Results

Finding

# of Finding

Result

# of Result

Discontinued

0

No Action Required

2

Not substantiated

0

Remedial Action Taken

0

Not Well Founded

1

Resolved

1

Well Founded

0

As a result of a previous complaint regarding the handling of consular records, the ATIP Office worked closely with the Consular Program to:

Revise the Consular Program’s Policy on the Use & Disclosure of Personal Information;

Revise the Consent to Disclosure of Personal Information Form;

Revise the Standard Operating Procedures for communication on consular cases;

Introduce a new Privacy & Access to Information Chapter in the Consular Policy Manual;

Introduce a Privacy Notice in the CAMANT User Guide; and,

Assist the Consular Program in developing its own online tutorial for consular training including ATIP provisions.

Privacy Breaches

During the reporting period Passport Canada (PPTC) handled thirty-three (33) incidents of privacy breaches, all of which involved the lost or theft of passport applications and improper disclosure. All subject individuals were notified in writing of the breach and of their right to submit a complaint to the Office of the Privacy Commissioner of Canada (OPC). Depending on the case, PPTC notified the OPC directly who was satisfied with its process and corrective measures.

DFAIT’s ATIP Office did not report any other type of privacy breaches during the reporting period.

Federal Court

During this reporting period, there was one ongoing Federal Court activity for a specific Privacy Act request involving DFAIT.

Abousfian Abdelrazik and Minister of Foreign Affairs and International Canada

In September 2009, Mr. Abdelrazik’s counsel filed an application (T-1581-09) pursuant to section 41 of the Privacy Act for an order compelling the production of personal information pertaining to the Applicant relating to a request made in November 2008. The applicant was justifiably concerned about the delays in responding to his request and had received a well-founded finding from the Privacy Commissioner of Canada. However, the file took an unusually long time to process due the voluminous nature of the records (approx. 15,000 pages), the complexity of the case involving litigation, the need to conduct numerous consultations including for cabinet confidences, as well as factors as a result of the ATIP Office’s lack of capacity. After lengthy consultations the ATIP Office managed to complete the processing in August 2010.

Issues Raised by Agents of Parliament

DFAIT was not the subject of any audit or review by agents of Parliament, including the Privacy Commissioner’s Office, in relation to the administration of the Privacy Act during the reporting period.

Administration of Personal Information

The Privacy Impact Assessment (PIA) Policy that was introduced by TBS in May 2002 was replaced by the new TBS’ Directive on Privacy Impact Assessment as of April 1st, 2010. This new Directive ensures that privacy is taken into account and that privacy implications are appropriately identified, assessed and resolved before a new or substantially-modified program, activity or service involving personal information is implemented. It is a step-by-step evaluation of the flow of personal information held within a given program, activity or service. More specifically, this process enables the Department to determine whether new technologies, information systems, initiatives, and proposed programs, activities, services or policies meet federal government privacy requirements. With the new Directive, a Preliminary Privacy Impact Assessment (also known as PPIA) is no longer initiated.

In addition, as a result of TBS’ 2005 Management of Information Technology Security (MITS) requirements, DFAIT must ensure the security of information and information technology (IT) assets which includes the requirement to prepare Privacy Impact Assessments for most of its systems.

From the initiation of a PIA to the final product, the ATIP Office provides privacy policy advice and guidance to program areas within the Department.

During the reporting period and in compliance with the above new Directive, DFAIT did not initiate any new PPIAs. During that same period, DFAIT initiated eight (8) new PIAs as well as submitted one (1) PPIA and one (1) PIA to the Office of the Privacy Commissioner (OPC) for review. In addition, one (1) PIA was completed and since published on its departmental Internet site..

It is important to note as well that another fifteen (15) projects relating to DFAIT program activities were reviewed by the ATIP Office during the reporting period but deemed not to require a Privacy Impact Assessment.

The following information pertains to PPIA and PIA activities in 2010-2011 and for ease of reference have been listed in alphabetical order:

Preliminary Privacy Impact Assessments (PPIA)

Emergency Management Portal

The Emergency Management Portal is a web-based reporting tool that will provide senior management and operational teams at HQ and missions with a centralized view of international emergencies affecting our missions around the world. It will consolidate all emergency management activities and information for the purpose of monitoring, managing and reporting on international emergencies, humanitarian, consular, global health, security, environmental, technological, political and economic crises. The portal will provide real-time situational awareness, analysis and lessons learned to improve emergency and crisis management.

A PPIA was previously initiated. It was completed and forwarded to the OPC during the reporting period. The Executive summary of the PPIA will be posted on DFAIT’s Website shortly, however, it will be captured in the next reporting period. The Executive summary will be posted at Publications - Access to Information and Privacy.

Privacy Impact Assessments (PIA)

ccmMercury

Used by its officials, DFAIT implemented ccmMercury in 2001. At the time of implementation, a single system to manage the Ministerial correspondence process had been developed. Over the years, additional systems were deployed through ccmMercury as per the Department’s requirement. Each system is independent of other systems within the ccmMercury environment. ccmMercury is a database application designed to allow users to track the workflow of a record including related attachments in many file formats. Its integration with an imaging solution allows a user to scan documents and through the use of templates, documents such as standard replies and routing slips can be automatically created. Searching and reporting capabilities allow users to easily find and report on the data captured in a system.

A PIA was previously initiated. During the reporting period, the PIA was completed and forwarded to the OPC. At the end of the reporting period, the ATIP Office was still awaiting the OPC’s comments on the PIA. During that same period, the Executive Summary of the PIA was also posted on DFAIT’s Internet Website, which can be found at Publications - Access to Information and Privacy.

Distressed Canadians Fund (DCF)

This fund is made up of public monies and is used to provide financial assistance to distressed Canadians abroad.

Expansion of the Registration of Canadians Abroad (ROCA) through Facebook

ROCA is a service that enables Canadians travelling or living abroad to sign up and be contacted and assisted by government officials in case of an emergency abroad (such as a natural disaster, civil unrest, or emergency at home).

During the reporting period, the ATIP Office was informed that the Department was looking at expanding ROCA through Facebook. A PIA was required for such an initiative and was initiated during the same period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at Publications - Access to Information and Privacy.

Extractive Sector Corporate Social Responsibility (CSR) Counsellor

The Office of the Extractive Sector CSR Counsellor was established in 2009 as part of the Government of Canada’s CSR Strategy for the International Extractive Sector. The Strategy is designed to help Canadian mining, oil and gas companies meet their social and environmental responsibilities when operating abroad. The Office of the CSR Counsellor has a mandate to review CSR practices of Canadian companies operating outside of Canada and to advise stakeholders on recognized best practices and endorsed performance standards.

Foreign Service Directive (FSD) Portal

FSDs are designed to provide a system of allowances, benefits and conditions of employment that, in combination with salary, enable departments and agencies to recruit, retain and deploy qualified employees in support of government programs outside Canada.

The FSD Portal is an application that will be used to manage clients in missions outside of Canada. The Portal will receive data from the Human Resources Management System for all DFAIT clients. The client information of other government departments will be manually captured within the Portal. FSD Portal will also feed DFAIT’s Integrated Management System with the necessary information to assure that the clients are paid in a timely fashion.

Human Resources Management System (HRMS) and the Implementation of its Recruit Module

As with many other government departments, DFAIT uses the Human Resources Management System for human resource related matters such as appointments, leave, etc.

A PIA was previously initiated, completed and forwarded to the OPC. During the reporting period, the OPC advised that they were not going to be providing recommendations on the PIA, however they may choose to do so at a later date. During that same period, DFAIT also decided to implement the Recruit Module of the HRMS application. A PIA was then initiated for the said module. As soon as the PIA is completed, it will be posted on the DFAIT’s Internet Website at Publications - Access to Information and Privacy.

IPL Software for Japan Staff

The IPL Software is a payroll application that is used by the mission to produce the monthly pay for its Locally Engaged Staff in Japan (including missions in Tokyo, Kyushy, Ngoya and Spporo).

Online Project Management Collaboration Tool – OPROMA

The Physical Resources Bureau supports Canadian international objectives and programs through the provision of office and staff accommodation. As well, the Bureau provides asset management, maintenance and material services to the bureau clientele in a cost effective, economical and efficient manner. An online collaboration service for project management was used for some time on a pilot basis. It was very successful and the Department is preparing for full implementation. The online collaboration service will be hosted by a service provider on their premises.

A PIA was previously initiated. During the reporting period, additional information was provided to the ATIP Office. It was confirmed that the information collected is not deemed personal information as defined under the Privacy Act.. Thus, a PIA is not necessary and will not be completed.

Online Registration for Canada Trade Missions

The International Trade Missions Division is primarily responsible for the planning, coordination and execution of trade missions abroad.

A PPIA was originally submitted to the OPC on Aug. 14, 2007. The OPC provided some recommendations, but had additional questions. The ATIP Office did provide a response to the OPC and at the end of the reporting period was still awaiting a response from the OPC. The ATIP Office was also informed by the Trade Missions Division that there were changes to the collection, use and disclosure of the personal information being collected. The ATIP Office discussed this further with the Division. Shortly after the end of the reporting period, the ATIP Office confirmed with the Division that a PIA is required to address the changes. A PIA was then initiated and will be captured during the next reporting period. Upon completion of the PIA, the Executive Summary of the PIA will be posted on DFAIT’s Internet Website at Publications - Access to Information and Privacy.

Passport Canada - Addendum PIA to the Department of Justice’s (DoJ) Overarching PIA Regarding the Changes to the Sharing of Information Between the DoJ, PPTC and the RCMP

There is an existing information sharing agreement between PPTC, the DoJ and the RCMP regarding the suspension or denial of a passport, and the termination of a suspension or denial. The agreement required revisions as the information will no longer be shared with the RCMP.

During the reporting period, the DoJ was developing an overarching PIA to address and assess the changes relating to the process reflected in the above-mentioned agreement. PPTC initiated an Addendum PIA to be submitted to the DoJ as an appendix to their overarching PIA.Upon completion of the Addendum PIA, the Executive Summary will be posted on DFAIT’s Internet Website at Publications - Access to Information and Privacy.

Passport Canada - e-Passport Pilot

Following certain United Nations’ resolutions on combating terrorism, the International Civil Aviation Organization adopted new passport specifications that included a global blueprint for the integration of biometric identification information into passports and other machine-readable travel documents. These new specifications require the inclusion of an embedded chip that held the passport holder’s photo. In 2004, the Canadian government instituted its National Security Policy and presented an implementation plan to pursue initiatives reinforcing border security.

This PIA was sent to the OPC on March 19, 2008. The OPC further provided recommendations and a response was forwarded back on Dec. 29, 2008. In October 2009, the ATIP Office was informed by the OPC that they were satisfied with its response and that they were closing their file pending future submissions from PPTC on the national implementation. Later, the ATIP Office was informed by PPTC that the planning phase of the e-passport National Rollout Project was ongoing. During the reporting period, the updated PIA report (not a new PIA) describing the action items and their status was finalized by PPTC and forwarded to the OPC. At the end of the reporting period, the ATIP Office was still awaiting the OPC’s comments on the PIA update report and action plan.

Passport Canada introduced two new policies that are reflected on its Passport Application Forms. These new polices are the new Guarantor Policy and the Loss of Canadian Citizenship pursuant to section 8 of the Citizenship Act policy.

The new Guarantor Policy enables Canadian passport holders (with some restrictions as not all Canadian Passport Holders may act as Guarantor) to be a guarantor for a new passport applicant in Canada and in the USA.

The Directive on Policy regarding Loss of Citizenship requires the public service to inform Canadians that are impacted by Section 8 of the 1977 Citizenship Act, which states “Where a person who was born outside Canada after February 14, 1977 is a Canadian Citizen for the reason that at the time of birth, one of his parents was a citizen by virtue of paragraph 3(1)(b) or (e), that person ceases to be a citizen on attaining the age of twenty-eight years unless that person (a) makes application to retain citizenship; and (b) registers as a citizen and either resides in Canada for a period of at least one year immediately preceding the date of his application or establishes a substantial connection with Canada.”

A PIA was previously initiated, completed and forwarded to the OPC. During the reporting period, the OPC provided recommendations on the PIA and the ATIP Office responded to them. At the end of the reporting period, the ATIP Office was still awaiting the OPC’s comments on its response.

Scholarship – Public Diplomacy Funding

The Government of Canada’s Academic Relations Program’s international scholarships are managed by the Department of Foreign Affairs and International Trade. The program’s objective is to promote Canadian values and identity around the world in order to strengthen Canada’s international relations. Through its international scholarships activities which include scholarships for Canadians by foreign governments (Canada-China Scholars Exchange Program, Commonwealth Scholarship Plan, Foreign Government Awards, Organization of American States (OAS) Fellowships Programs) and scholarships for non-Canadians by the Government of Canada (Canada China Scholars’ Exchange Program, Commonwealth Scholarship Plan, Government of Canada Awards), DFAIT creates friends of Canada who could hold positions of authority in their respective countries reinforcing Canada’s international ties and influence. In developing countries, these scholarships are designed to contribute to the development of human capital. The Commonwealth Scholarships, which were among the first international scholarships to be established, were initiated in 1959 when Commonwealth countries, led by Canada, set up a scholarship plan to strengthen the links between them and to encourage higher education. Canada is the largest contributor of Commonwealth scholarships after the United Kingdom.

The PPIA was submitted to the OPC in November 2006. The OPC recommended that a full PIA be conducted. The full PIA was initiated during the reporting period. As soon as the PIA is completed, the Executive Summary will be posted on DFAIT’s Internet Website at Publications - Access to Information and Privacy.

Data Matching and Data Sharing

No new MOU / Information Sharing Agreements were signed during the reporting period, however, Passport Canada (PPTC) was working closely with the Department of Justice (DoJ) to revise the existing information sharing agreement between PPTC, the DoJ and the Royal Canadian Mounted Police (RCMP) regarding the suspension or denial of a passport and the termination of a suspension or denial. The agreement requires revisions as the information will no longer be shared with the RCMP.

During that same period, PPTC also implemented the Known Parent Project. The pilot project was tested in the Kitchener Regional Passport Office. PPTC was looking to identify an efficient and secure way to use existing records to confirm the identity of both the applying parent and the other parent whose signature is requested on a child’s application. The initiative increased the integrity of children’s passports, but also assisted in preventing possible child abduction. Additionally, PPTC improved customer service by consulting the database instead of inconveniencing clients by requiring them to provide additional documentation to confirm their identity. When PPTC was unable to determine the possible "match" of a signature in their database, further verifications were conducted to confirm the identity of the known parent.

Internal Operations

Backlog Project

With the injection of new ATIP funding in June 2010, the ATIP Office not only created ten (10) new full-time equivalents but also launched a Backlog Project in July 2010 in order to clear the bulk of the late files by summer 2011. The Backlog Project has been a tremendous success as, at the time of drafting this report, it had closed 360 of the 405 late ATIP files which represented 216,373 pages of the 275,056 pages to be processed. It was expected that the remaining 45 files (58,683 pages) some of which have outstanding external consultations would be completed by early fall 2011.

Policy and Governance

During 2010-2011, the ATIP Office created a dedicated Policy & Governance Team whose primary responsibilities include providing ATIP policy advice as well as develop and deliver ATIP training both internal to the ATIP Office as well as to departmental employees.

The Policy and Governance Team is also responsible for updating (keeping evergreen) the ATIP Analysts’ Guidelines relating to the processing of ATIP requests, answering general questions from internal clients and providing advice, assistance and guidance with regards to privacy, the requirement and development of new Privacy Impact Assessments (PIA), Privacy Notice Statements (PNS), Disclaimers, Consent forms and/or revisions to existing ones, as well as providing assistance in the development of TBS' Statistical Reports and the preparation of Annual Reports to Parliament for both the Access to Information Act and the Privacy Act.

This Team also reviews policy instruments and tools in compliance with the Access to Information Act and the Privacy Act as well as TBS' ATIP-related policies including the Privacy Principles. In conjunction with this the ATIP Office continued to develop new privacy policy instruments to assist the Department in meeting is privacy obligations, which included collaboration with the privacy policy areas of other departments.

The Team is also responsible for updating DFAIT's Chapter in TBS' Info Source Publication, registering Personal Information Banks with TBS and delivering Info Source training, awareness and/or question and answer sessions. Of importance to note is that the work in this policy area increased by at least 50 percent from the last reporting period as a direct result of:

Info Source Full Sweep: For the first time, the ATIP Office conducted a full sweep of the information holdings of all program areas in DFAIT. The coordination of this activity was an immense undertaking and involved the development of an extensive training package, delivery of multiple training sessions, one-one-one meetings with Offices of Primary Interest (OPI), as well as the review and update of the Department’s Info Source chapter. Approximately 80% of the OPIs responded to the full sweep.

New Internet/Intranet Policy: A new process was initiated whereby all new or updated forms published for the departmental Internet and Intranet required the ATIP Office’s approval. The work “mushroomed” as when assessing a form other privacy implications were discovered resulting in the need for a Class of Records, Class of Personal Information, Personal Information Bank (PIB), Privacy Notice Statement (PNS) and/or Privacy Impact Assessment (PIA). It should be noted that this area will increase even further when a similar process is implemented for all PDF forms.

Training and Development

During 2010-2011, the ATIP Office continued to ensure that all ATIP Analysts, regardless of their years of experience, received the necessary training and tools to do their job effectively via training sessions developed to meet the ATIP Office’s training needs and via a dedicated mentor/coach (a.k.a. Team Leader). The responsibilities of the Team Leaders are to ensure that there is a continuous and positive learning environment for employees’ proper development as ATIP specialists. Furthermore, learning plans have continued to be developed in consultation with each employee within the ATIP Office in order to effectively identify their training needs and to ensure that the necessary actions are taken to ensure that these needs are met.

The ATIP Office also continued to benefit from its ATIP Professional Development Program which is allowing DFAIT to “grow its own” ATIP Analysts due to the lack of experienced ATIP Analysts within the federal ATIP Community. This program has been very successful in addressing recruitment, retention and succession planning issues.

The creation of the new Policy & Governance Team has allowed the ATIP Office to address the training needs of the Department and of the ATIP Office on a full-time basis and to educate new employees as soon as they start working at DFAIT as well as ensuring the Department complies with all other aspects and regulations of the Access to Information Act and Privacy Act.

DFAIT’s Intranet ATIP website is always kept up-to-date and is accessible to those that may have questions regarding the ATIP process at DFAIT. The ATIP Office has also added many more reference tools such as customized Privacy Impact Questionnaires and all ATIP Tasking Instructions.

The ATIP Office implemented a structured anddepartmental-wide ATIP awareness program to ensure that officials across the Department understand their roles and responsibilities vis-à-vis ATIP. DFAIT has also expanded on the type of forums within which ATIP training is delivered, such as during staff meetings of subject-matter experts of Offices of Primary Interest (OPIs) and during DFAIT 101 courses, a course designed for employees that are new to the Department. ATIP sessions are also delivered during the various training sessions provided to employees leaving Canada in order to better prepare them to work at a mission. The trainer within the ATIP office also holds sessions with subject matter experts, during which records are reviewed in order to educate these employees on the exercise of discretion when making recommendations for severance.

New types of training sessions have also been developed using new technologies in order to ensure that the ATIP Office is able to capture a wider audience and to ensure that employees at mission also received the necessary training. For instance Access to Information Act and Privacy Act training sessions are being given to employees at missions (Locally Engaged Staff, Trade, Political and Consular Officers, as well as Administrative Assistants) using either videoconferencing or teleconferencing equipment.

Also, an online interactive ATIP tutorial has been developed in collaboration with the Canadian Foreign Service Institute. The tutorial consists of an awareness module; however, additional modules will be added in the near future. This is an important tool as it allows employees to receive training without additional resources being allotted to such efforts. DFAIT has also shared this tool with other Departments in hopes of assisting the federal ATIP community.

ATIP training sessions have also been provided in conjunction with Information Management officials as a test to evaluate the pros and cons of holding collaborative sessions, given the close relationship between ATIP and Information Management. Further discussions will be held in order to develop a more structured plan in order to provide such sessions in the future.

A new training presentation on section 15 of the Act (injury to international affairs) is currently in development which will be presented to the federal ATIP community via the Treasury Board Secretariat community meetings and training sessions. This presentation will educate other Departments on the responsibilities of DFAIT vis-à-vis both Acts when it comes to records that have international implications, and will therefore give other federal Departments a better idea as to when DFAIT should be consulted. This will help alleviate the high volume of consultations received by DFAIT and will help other federal departments in identifying what type of information and/or records should be sent to DFAIT as consultation.

The ATIP Office also refined the training program for ATIP Liaison Officers and subject-matter experts within Offices of Primary Interest (OPIs) across the Department. These training programs were advertised with all other training programs available via the Canadian Foreign Service Institute, and departmental messages were sent to all employees on a regular basis to advise of the opportunities for training. Employees were then able to register for these courses via an automated online service, which has improved the ATIP Office’s ability to deliver training.

In all, one hundred and thirty seven (137) separate ATIP Awareness training sessions were delivered during the reporting period by the ATIP offices at both DFAIT and Passport Canada, comprising of approximately one thousand three hundred and thirty seven (1337) employees, including:

its own ATIP Analysts, in regards to both Acts and certain exemptions/exclusions and the systems used to process requests received by the Department;

new ATIP Liaison Officers and their back-ups;

subject-matter experts within Offices of Primary Interest (OPIs);

consular program officials and those preparing to work at missions abroad; as well as

various departmental program officials including at Passport Canada.

Of all these participants that evaluated the training sessions delivered by DFAIT’s ATIP Office to Liaison Officers and their back-ups as well as sessions delivered to subject-matter experts within Offices of Primary Interest (OPIs), 89% of participants were very satisfied with the overall quality of the training, 90% of participants were very satisfied with the clarity of the information and 91% of participants felt that the trainer presented the information in a clear manner. Finally, 87% of all participants that evaluated the training sessions delivered felt that there was enough time allotted for these sessions to adequately address the material being presented.

During the reporting period, the ATIP Office also extensively revamped its Info Source training deck and delivered Info Source Training and Awareness sessions to Liaison Officers (LOs) and their back-ups. Follow up Q&A sessions were also scheduled, in addition to one-on-one sessions with senior staff members of the Offices of Prime Interest (OPIs). Fourteen (14) Info Source training sessions were held and attended by approximately 75 Liaison Officers. Of the 46 who returned an evaluation sheet from the training sessions, 43% felt the overall quality of the training was "excellent", 54% felt it was "good to very good" and .02% felt it was "unsatisfactory".

DFAIT’s ATIP Office continuously strives to refine its training tools and is very open to comments from employees participating in the various training session delivered. There are many plans in place to refine and enhance the effectiveness of current programs as well as to develop new ones.

Departmental Process and Internal Policies

Since the new streamlined processes were introduced in 2008 no significant changes were made to internal Access to Information Act processes or policies in 2010-2011. However, much attention has been placed to educate departmental officials on their ATIP roles and responsibilities to ensure compliance and efficiencies.

The Policy and Governance team did, however, make some revisions to its existing privacy-related policy instruments and initiated the drafting of new instruments which are better aligned with new and/or revised TBS’ ATIP-related policies. The policy instruments referred to herein include the PIA Protocol, PIA Checklist, Code of Fair Information Practices, Privacy Notice Statement Guidance Document, Disclaimer Guidance Document, etc. Some of these instruments have been completed, others require additional revisions and additional ones will also be initiated and completed as soon as possible.

Improvements

The following are improvements that have been made over the last reporting year 2010-2011 as well as ongoing initiatives to improve the overall ATIP function at DFAIT:

The ATIP Office prepared a 3-year Business Plan and adjusted resources to dedicate teams to work on on-time files as well as the Backlog Project. It hired consultants to clear the backlog, created 10 new FTEs, re-aligned the organizational structure to better meet ATIP demands, and adjusted the teams throughout the year to address high risk and urgent ATIP matters.

The salary budget was stabilized; however, due to ongoing recruitment and retention challenges across the federal ATIP community, it was not possible to fill all vacant positions. Nonetheless, efforts continue in this regard including participating in collective staffing processes. The ATIP Professional Development Program continues to prove its worth especially since the ATIP Office was able to recruit and promote several candidates with its pool of qualified candidates.

As part of the TBS ATIP Community Development Initiatives, the ATIP Office also worked closely for several months with TBS and other federal government ATIP Offices to develop generic ATIP organizational models and work descriptions as well as participated in the development of collective staffing initiatives for the federal ATIP community.

The ATIP Office also introduced Service Standards for all divisional staff.

In 2010-2011, the ATIP office:

reviewed/processed a total of 370,000 pages related to ATIP requests;

reduced the number of new requests running late;

improved turnaround time on consultations (from 110 days to 60 days on average);

drastically reduced the number of ATIP complaints by less than a quarter compared to previous years.

Understandably the team worked to address a high volume of backlog files (a.k.a. “late” files) which affected its ability to meet the 85% on time target. As a result, the statutory deadlines were met 68.5% of the time, which is nonetheless a significant improvement over last year where the deadlines were met 45.9% of the time (a 20% improvement).

During the reporting period, the Policy & Governance team worked closely with the Interwoven Project Team of the Corporate Information Systems Division to develop and implement an internal process throughout the entire Department to review existing forms being revised and/or new forms being developed. The new process was implemented to allow the ATIP Office to review and assess the privacy implications of existing forms being revised and/or new forms being developed and to ensure that these forms meet the requirements under the Privacy Act, TBS’ ATIP-Related Policies and Directives and the Privacy Principles.

During that same period, DFAIT made significant improvements when updating its Chapter in TBS’ Info Source publication as listed below:

Used the new physical layout for Info Source based on TBS’ new requirements and the Department’s Program Activity Architecture (PAA).

Created new and/or revised sixteen (16) institution-specific Personal Information Banks (PIBs) from which a total of seven (7) new registered PIBs were inserted into DFAIT’s Chapter.

Registered thirteen (13) new Standard PIBs.

Inserted one (1) new Class of Personal Information into DFAIT’s Chapter.

Precipitately undertook a ‘full sweep’ of the Department’s Information Holdings for inclusion in DFAIT’s Chapter of Info Source for the following yearly update.

The ATIP Office also continues to explore options to provide an ATIP tracking tool for DFAIT program areas as well as the means to gather records electronically which will not only greatly reduce the ATIP burden on departmental program areas but will also place DFAIT at the forefront of ATIP models.

These achievements were reflected in the "Acceptable" rating of the Management Accountability Framework (MAF) Round VIII assessment, the highest score reached by DFAIT since MAF was introduced. Also, the department received a "Strong" rating for ATIP Governance and Capacity.

Annexes:

Annex A: Privacy Act Designation Order

Minister of Foreign Affairs

Privacy Act

The Minister of Foreign Affairs, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons acting in those positions, to exercise the powers and perform the duties and functions of the Minister of Foreign Affairs as the head of a Government institution under the Act. This designation replaces the designation dated March 11, 1998.

Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requestor